[TLS] Re: TLS 1.3, Raw Public Keys, and Misbinding Attacks

Viktor Dukhovni <ietf-dane@dukhovni.org> Mon, 18 November 2024 07:07 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69723C110D3A for <tls@ietfa.amsl.com>; Sun, 17 Nov 2024 23:07:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Level:
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, WEIRD_PORT=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dukhovni.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EJGm5l3JlbJ5 for <tls@ietfa.amsl.com>; Sun, 17 Nov 2024 23:07:08 -0800 (PST)
Received: from chardros.imrryr.org (chardros.imrryr.org [144.6.86.210]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 50062C151097 for <tls@ietf.org>; Sun, 17 Nov 2024 23:07:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dukhovni.org; i=@dukhovni.org; q=dns/txt; s=f8320d6e; t=1731913624; h=date : from : to : subject : message-id : reply-to : references : mime-version : content-type : in-reply-to : content-transfer-encoding : from; bh=xUAd/w/CK3KAKj3iTUQsKaM/+mA7hjjX0kbN1IqNgXA=; b=kUX6TTtY2xtoM+tis0EB6xKtO4+4NeMFgIAQUtbWG9JrrSWG68YHCaBKTKuKDBcL3HuRS 5j/aTRlPJKWScEA6BowsVvIOtkJIat4wKlkZxU6gfSH1PTtKMa6Cj7mmIcY6t3IinjPTMh1 2S7MuikoLoJL7EL+3artCR1JgDaep1w=
Received: by chardros.imrryr.org (Postfix, from userid 1000) id 0D43192B6F8; Mon, 18 Nov 2024 18:07:04 +1100 (AEDT)
Date: Mon, 18 Nov 2024 18:07:04 +1100
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <ZzrnmPoMiUfKKk5Z@chardros.imrryr.org>
Mail-Followup-To: tls@ietf.org
References: <GVXPR07MB9678DFD1EED3971606FB3DE6893B2@GVXPR07MB9678.eurprd07.prod.outlook.com> <AS8PR10MB7427BE068D9472C465A7392EEE082@AS8PR10MB7427.EURPRD10.PROD.OUTLOOK.COM> <5a79de00-2204-4e92-84bb-8b9b272a6ea6@iki.fi>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <5a79de00-2204-4e92-84bb-8b9b272a6ea6@iki.fi>
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: TSZTH6557KCDA3U6DGTUKQMXJC4HNAEB
X-Message-ID-Hash: TSZTH6557KCDA3U6DGTUKQMXJC4HNAEB
X-MailFrom: ietf-dane@dukhovni.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Reply-To: tls@ietf.org
Subject: [TLS] Re: TLS 1.3, Raw Public Keys, and Misbinding Attacks
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/l1JdTcYyYOGskbgA22blEDkT65o>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

On Mon, Nov 18, 2024 at 08:25:12AM +0200, Mohit Sethi wrote:

> The model detects misbinding in both cases: i) where the received
> public key is verified via DANE, and ii) where the received public key
> is verified from a list of pre-configured keys.

If the preconfigured key is correctly bound to the intended server, it
is unclear what "rebinding" or other problem you have in mind.  As
for client certificates vs. client RPKs there's again no issue.

Client identifies supplied 3rd-party CAs have little value in most
cases, rather, in the rare case that client certificates are used at
all, the relying party typically also controls client cert issuance and
binding of public keys to names.  In such cases, one can dispense with
reliance on stale certificates and instead look up the public key in
the current name binding database, which should be more up to date.

No client identity other than the public key is necessary in such cases,
the public key is an index into a privately maintained ACL, and
3rd-party CAs are not trusted to assert client entitlment.

Yes, one can imagine scenarios where certificates are some sort of
"government-issued id" and the service provided is to a "legal person",
as identified by said government, rather than to a registered customer.
Such services that delegate user authentication to government-issued
ids in the form of certificates, can of course choose to not use RPKs
(which are typically not enabled by default anyway).

> In fact, the existence of misbinding of TLS RPK can easily tested in the
> real-world with OpenSSL using the following command (version 3.2.0 and up):
> 
> > openssl s_client -connect msguru.eu:25 -dane_tlsa_domain "msguru.eu"
> > -dane_tlsa_rrdata "3 1 1
> > F4D9CF3B4E251085A4F3193DAAF3A5141CD95C7109D33C971C3F8F7CEC48CD1B"
> > -starttls smtp -enable_server_rpk
> 
> The above command results in a successful TLS handshake as is evident from
> the output:
> [...]

> However, there is no server msguru.eu listening on port 25. Instead you are
> connected to Viktor's mail server at mx1.imrryr.org which supports server
> authentication with RPKs and has a DANE record published:
> https://www.nslookup.io/domains/_25._tcp.mx1.imrryr.org/dns-records/tlsa/.

See also second block of comments below.  Note that most SMTP deliveries
with STARTTLS are unauthenticated opportunistic TLS, so no RPK is
required to perform "misbinding", just point your MX record hostname, or
IP address of your MX host somewhere else, and you're set (to achieve
nothing in particular).

> Thankfully, most ISPs block outbound port 25 and therefore Viktor's mail
> server is not suddenly going to see a massive spurt in traffic.

There are plenty of connections trying in vain to brute force SASL
logins on ports 587 and 465.  And nothing would be gained by making
"cross origin" requests to my MX hosts that could be made directly
instead.

> The fact that someone can publish a different MX record as their own
> and that the SNI can be used to detect such situation was already
> pointed out by Viktor in his email:
> https://mailarchive.ietf.org/arch/msg/tls/ey_rNTC8Um1OMD5cxjkpZ1OyInQ/.

It seems you've not entirely understood that post, detecting unexpected
SNI is perhaps appopriate in HTTPS (though the "Host:" header would
perhaps be a more easily inspected signal).  In the case of SMTP there
is little reason to bother, because there are no cross-origin issues to
guard against, and MX records already support redirection, no
"rebinding" needed.  Quoting from that post:

    Note, that, for example, with SMTP the simplest way to direct traffic to
    someone else's MX host is to publish MX records for one's own domain
    that specify that MX host.  So "misbinding" attacks are not
    "interesting" in this context.  Furthermore, because there are no
    "cross-origin" issues in SMTP, there is nothing to be gained by
    misleading a client that it is connected to a service endpoint for which
    one can control the expected public key binding, when in fact it is
    connecting to a "victim" service endpoint.

    And of course how clients learn the association between and endpoint,
    and the expected raw public key is a rather separate matter from whether
    public keys or certificates happen to be used.  The public key might
    be pre-shared out of band over a pre-existing bilateral trusted channel
    between client and server, and proof of possession could be part of
    that exchange if desired and useful.

> The lesson here is the same countermeasure for all misbinding attack - be
> explicit about the identities and check them. We have created a pull request
> for 8446bis adding a reference to misbinding attacks and countermeasures
> when using RPK. The goal was to keep the text to a minimum:
> 
> https://github.com/tlswg/tls13-spec/pull/1366

The "lesson" has a specific scope.  There is no problem with RPKs in
SMTP, and TLS is not synonymous web browsing over HTTPS.  Not even all
HTTPS traffic is in scope, because rebinding is of little interest in
machine-to-machine HTTPS with the client not running any scripts from
the server.

I do hope that any proposed text is not overly broad, and does not
negatively impact valid use of RPKs in non-web applications.

-- 
    Viktor.